Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
privilege escalation vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2015-7707
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp.
Igniterealtime Openfire 3.10.2
1 EDB exploit
7.2
CVSSv2
CVE-2018-19321
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and previous versions, AORUS GRAPHICS ENGINE prior to 1.57, XTREME GAMING ENGINE prior to 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by...
Gigabyte App Center
Gigabyte Aorus Graphics Engine
Gigabyte Xtreme Gaming Engine
Gigabyte Oc Guru Ii 2.08
2 Github repositories
4.6
CVSSv2
CVE-2018-19322
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and previous versions, AORUS GRAPHICS ENGINE prior to 1.57, XTREME GAMING ENGINE prior to 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a numbe...
Gigabyte App Center
Gigabyte Aorus Graphics Engine
Gigabyte Xtreme Gaming Engine
Gigabyte Oc Guru Ii 2.08
9
CVSSv2
CVE-2018-19323
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and previous versions, AORUS GRAPHICS ENGINE prior to 1.57, XTREME GAMING ENGINE prior to 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).
Gigabyte Aorus Graphics Engine
Gigabyte Xtreme Gaming Engine
Gigabyte Gigabyte App Center
Gigabyte Oc Guru Ii 2.08
2 Github repositories
10
CVSSv2
CVE-2022-22832
An issue exists in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request.
Servisnet Tessa 0.0.2
7.2
CVSSv2
CVE-2018-19320
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and previous versions, AORUS GRAPHICS ENGINE prior to 1.57, XTREME GAMING ENGINE prior to 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local malicious user to take complete control ...
Gigabyte Oc Guru Ii 2.08
Gigabyte App Center
Gigabyte Xtreme Gaming Engine
Gigabyte Aorus Graphics Engine
9 Github repositories
6.8
CVSSv2
CVE-2018-17776
PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
Pcprotect Antivirus 4.8.35
1 EDB exploit
NA
CVE-2022-37393
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute...
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
Zimbra Collaboration 8.7.6
Zimbra Collaboration 8.7.7
Zimbra Collaboration 8.7.9
Zimbra Collaboration 8.7.10
Zimbra Collaboration 8.7.11
Zimbra Collaboration 8.8.0
Zimbra Collaboration 8.8.2
Zimbra Collaboration 8.8.3
Zimbra Collaboration 8.8.4
Zimbra Collaboration 8.8.6
Zimbra Collaboration 8.8.7
Zimbra Collaboration 8.8.8
Zimbra Collaboration 8.8.9
Zimbra Collaboration 8.8.10
Zimbra Collaboration 8.8.11
Zimbra Collaboration 8.8.12
1 Github repository
6.8
CVSSv2
CVE-2020-11107
An issue exists in XAMPP prior to 7.2.29, 7.3.x prior to 7.3.16 , and 7.4.x prior to 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-contol.ini for all users (including admins) to enable arbitrary command execution.
Apachefriends Xampp
2 Github repositories
6.8
CVSSv2
CVE-2020-11511
The LearnPress plugin prior to 3.2.6.9 for WordPress allows remote malicious users to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter.
Thimpress Learnpress
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »